What is claimed is: 



1 1 . An apparatus comprising: 

2 a cryptographic processor within a wireless device, the cryptographic 

3 processor comprising: 

4 at least one cryptographic unit; 

5 a nonvolatile memory to store one or more microcode instructions, 

6 wherein at least one of the one or more microcode instructions is related to a 

7 sensitive operation; and 

8 a controller to control execution of the one or more microcode 

9 instructions by the at least one cryptographic unit, wherein the controller is to 

10 preclude execution of the sensitive operation if the apparatus is within an untrusted 

1 1 state. 

1 2. The apparatus of claim 1, further comprising: 

2 a volatile memory to store a cache of at least one cryptographic key and a 

3 counter, and 

4 at least one platform configuration register. 

1 3. The apparatus of claim 2, wherein a sensitive operation is an operation that 

2 uses a root encryption key for the apparatus, an operation that uses one of the at 

3 least one encryption key or an operation that is to access the counter or the at least 

4 one platform configuration register. 

1 4. The apparatus of claim 2, wherein the apparatus is within the untrusted state 

2 if the apparatus is improperly initialized, if an authentication operation of one of the 

3 at least one cryptographic key fails or if one of the cryptographic units is to perform 

4 an illegal operation. 
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1 5. The apparatus of claim 4, wherein an illegal operation includes an out-of- 

2 order execution by one of the at least one cryptographic units. 

16. A method comprising: 

2 receiving a primitive instruction into a cryptographic processor within a 

3 wireless device; 

4 retrieving at least one microcode instruction from a nonvolatile memory 

5 within the cryptographic processor based on the primitive instruction; and 

6 executing the at least one microcode instruction if the microcode instruction 

7 is not a sensitive operation or if the at least one microcode instruction is a sensitive 

8 operation and the cryptographic processor is in a trusted state. 

1 7. The method of claim 6, wherein executing the at least one microcode 

2 instruction if the microcode instruction is not the sensitive operation comprises 

3 executing the at least one microcode instruction if the microcode instruction does 

4 not uses a root encryption key of the cryptographic processor. 

1 8. The method of claim 6, wherein executing the at least one microcode 

2 instruction if the microcode instruction is not the sensitive operation comprises 

3 executing the at least one microcode instruction if the microcode instruction does 

4 not uses an encryption key protected within the cryptographic processor. 

1 9. The method of claim 6, wherein executing the at least one microcode 

2 instruction if the microcode instruction is not the sensitive operation comprises 

3 executing the at least one microcode instruction if the microcode instruction does 

4 not access a monotonic counter or data in a platform configuration register. 

1 10. The method of claim 6 further comprising initializing the cryptographic 

2 processor prior to receiving the primitive instruction, wherein initializing comprises 
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3 verifying at least one functional unit in the cryptographic processor is generating 

4 proper results. 

1 11. The method of claim 1 0, wherein verifying the at least one functional unit in 

2 the cryptographic processor is generating proper results comprises verifying a hash 

3 unit in the cryptographic processor is generating correct hashes. 

1 12. The method of claim 10, wherein verifying the at least one functional unit in 

2 the cryptographic processor is generating proper results comprises verifying a 

3 random number generator unit is generating random numbers. 

1 13. The method of claim 1 0, wherein verifying the at least one functional unit in 

2 the cryptographic processor is generating proper results comprises verifying an 

3 exponential arithmetic unit or an arithmetic logic unit is computing proper results. 

1 14. A method comprising: 

2 receiving a patch of at least one microcode instruction stored in nonvolatile 

3 memory within a cryptographic processor in a wireless device; and 

4 validating the patch during a boot operation of the wireless device prior to 

5 execution of the patch of the at least one microcode instruction, wherein the 

6 validating comprises: 

7 validating a cryptographic key of the patch based on a hash of the 

8 cryptographic key that is stored in a one time programmable storage in a nonvolatile 

9 memory that is external to the cryptographic processor. 

1 15. The method of claim 1 4 further comprising receiving a signature of the 

2 patch, wherein the validating of the patch comprises: 

3 generating a digest of the patch using a hash unit within the cryptographic 

4 processor; 
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5 decrypting the received signature of the patch to generate a decrypted 

6 received signature; 

7 comparing the decrypted received signature to the generated digest; and 

8 validating the patch if the decrypted received signature equals the generated 

9 digest. 

1 16. The method of claim 14, wherein receiving the patch of the at least one 

2 microcode instruction stored in the nonvolatile memory within the cryptographic 

3 processor in the wireless device comprises receiving the patch from a nonvolatile 

4 memory external to the cryptographic processor. 

1 1 7. The method of claim 14, wherein receiving the patch of the at least one 

2 microcode instruction stored in the nonvolatile memory within the cryptographic 

3 processor in the wireless device comprises receiving a patch of a part of the 

4 microcode instructions in the nonvolatile memory, wherein the patch includes at 

5 least one patch flag that identifies the part of the microcode instructions to be 

6 patched. 

1 18. The method of claim 1 4 further comprising loading a segment of the patch 

2 into a volatile memory within the cryptographic processor after at least one 

3 microcode instruction within the segment is to be executed in place of a microcode 

4 instruction stored in the nonvolatile memory within the cryptographic processor. 

1 19. A machine-readable medium that provides instructions, which when 

2 executed by a machine, cause said machine to perform operations comprising: 

3 receiving a primitive instruction into a cryptographic processor; 

4 retrieving at least one microcode instruction from a memory within the 

5 cryptographic processor based on the primitive instruction; and 
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6 executing the at least one microcode instruction if the at least one microcode 

7 instruction is a sensitive operation and the cryptographic processor is in a trusted 

8 state. 

1 20. The machine-readable medium of claim 19, wherein executing the at least 

2 one microcode instruction if the microcode instruction is a sensitive operation 

3 comprises executing the at least one microcode instruction if the microcode 

4 instruction uses a root encryption key of the cryptographic processor. 

1 21 . The machine-readable medium of claim 19, wherein executing the at least 

2 one microcode instruction if the microcode instruction is a sensitive operation 

3 comprises executing the at least one microcode instruction if the microcode 

4 instruction uses a data encryption key protected within the cryptographic processor. 

1 22. The machine-readable medium of claim 19 further comprising initializing 

2 the cryptographic processor prior to receiving the primitive instruction, wherein 

3 initializing comprises verifying at least one functional unit in the cryptographic 

4 processor is generating proper results. 

1 23. A machine-readable medium that provides instructions, which when 

2 executed by a machine, cause said machine to perform operations comprising: 

3 receiving a patch of at least one microcode instruction stored in nonvolatile 

4 memory within a cryptographic processor in a wireless device; and 

5 validating the patch during a boot operation of the wireless device prior to 

6 execution of the patch of the at least one microcode instruction, wherein the 

7 validating comprises: 

8 validating a cryptographic key of the patch based on a hash of the 

9 cryptographic key that is stored in a one time programmable storage in a nonvolatile 
1 0 memory that is external to the cryptographic processor. 
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1 24. The machine-readable medium of claim 23 further comprising receiving a 

2 signature of the patch, wherein the validating of the patch comprises: 

3 generating a signature of the patch using a hash unit within the cryptographic 

4 processor; 

5 comparing the received signature to the generated signature; and 

6 validating the patch if the received signature equals the generated signature. 

1 25. The machine-readable medium of claim 23, wherein receiving the patch of 

2 the at least one microcode instruction stored in the nonvolatile memory within the 

3 cryptographic processor in the wireless device comprises receiving the patch from a 

4 nonvolatile memory external to the cryptographic processor. 

1 26. The machine-readable medium of claim 23 further comprising loading a 

2 segment of the patch into a volatile memory within the cryptographic processor after 

3 at least one microcode instruction within the segment is to be executed in place of a 

4 microcode instruction stored in the nonvolatile memory within the cryptographic 

5 processor. 

1 27. A system comprising: 

2 a FLASH memory to store a hash in a one time programmable storage, 

3 wherein the hash is of a cryptographic key associated with a patch of the at least one 

4 microcode instruction; and 

5 a cryptographic processor comprising: 

6 a nonvolatile memory to store the at least one microcode instruction 

7 to be patched; 

8 a number of cryptographic units; and 

9 a controller to cause at least one of the number of cryptographic units 

1 0 to validate the patch based on the cryptographic key and the hash of the 

1 1 cryptographic key. 
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1 28. The system of claim 27, wherein the FLASH memory is to store a signature 

2 of the patch based on the cryptographic key, wherein the controller is to cause at 

3 least one of the number of cryptographic units to validate the patch based on the 

4 signature. 

1 29. The system of claim 27, wherein the nonvolatile memory is a read only 

2 memory. 

1 30. The system of claim 27, wherein the cryptographic processor further 

2 comprises a volatile memory, wherein the controller is to cause the patch to be 

3 loaded into the volatile memory after the patch is validated. 

1 31. The system of claim 30, further comprising an application processor to 

2 generate a primitive instruction related to a cryptographic operation, wherein the 

3 controller is to retrieve the at least one microcode instruction related to the primitive 

4 instruction from the patch loaded into the volatile memory or from the nonvolatile 

5 memory. 

1 32. The system of claim 3 1 , further comprising a shared volatile memory, 

2 wherein the shared volatile memory is partitioned into a public section and a private 

3 section, wherein the public section is accessible by the cryptographic processor and 

4 the application processor, and wherein the private section is accessible by the 

5 cryptographic processor and not the application processor. 
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